3Commas, a cryptocurrency trading platform, recently confirmed that 10,000 API keys recently stolen from the platform were released into the wild, announced via an anonymous Twitter post last week. Key points:
- 3Commas is linked to several major crypto exchanges, including Coinbase and Binance, among others.
- The 10,000 API keys recently released account for only 10% of the total number of keys stolen, according to the threat actor who made the original post.
- The threat actor behind the post (and attack, allegedly) has indicated that they intend to release the rest of the keys at a future date.
- Additional information posted since has indicated that the keys weren’t actually stolen, but were sold to the threat actors by someone within 3Commas. This has yet to be confirmed.
- The FBI has now become involved, according to sources, and is investigating the breach.
